Release Date: April 28, 2016
Trend Micro Vulnerability Identifier: 2016-0033
CVSS Base Score: 7.5
CVE Number: CVE-2016-4351
Platform(s): Virtual Appliance
Trend Micro has released a new build of the Trend Micro Email Encryption Gateway virtual appliance. This update resolves a critical vulnerability that could be exploited to bypass authentication on the product.
Affected version(s)
Product | Affected version | Platform | Language(s) |
---|---|---|---|
Email Encryption Gateway | Version 5.5 build 1073 or earlier | Virtual Appliance | English |
Solution
Trend Micro has assigned this update the impact level shown below and recommends that users update their installation to the newest version:
Product | Updated version | Platform | Impact Level |
---|---|---|---|
Email Encryption Gateway | Version 5.5 build 1107 | Virtual Appliance | High |
Vulnerability Details
This update resolves a vulnerability in Trend Micro Email Encryption Gateway 5.5 in which authentication could potentially be bypassed with an SQL injection under certain circumstances. Customers are highly encouraged to update to the latest build as soon as possible.
Acknowledgment
Trend Micro would like to thank Anonymous working with Trend Micro’s Zero Day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
External Reference(s)
ZDI-16-248